2018-07-17 - NECURS BOTNET MALSPAM USES .IQY FILES TO PUSH FLAWED AMMYY RAT

ASSOCIATED FILES:

 

CHAIN OF EVENTS:

 

EMAILS

TWO MALSPAM EXAMPLES:

 

TRAFFIC


Shown above:  Infection traffic filtered in Wireshark.

 

TRAFFIC FROM AN INFECTED WINDOWS HOST:

 

MALWARE

ASSOCIATED MALWARE:

 

FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
